Senior Information Systems Security Officer

ECS Tech Inc•Quantico, AL

About The Position

ECS is seeking an experienced Senior Information Systems Security Officer to support a mission-critical federal cybersecurity program in the National Capital Region. This role provides senior-level Information Systems Security Officer support for Security Assessment and Authorization, Risk Management Framework execution, authorization package development, continuous monitoring, vulnerability remediation, audit readiness, and security compliance for federal information systems. This position is contingent upon contract award. The selected candidate will serve as a senior ISSO and task lead, coordinating with system owners, ISSEs, ISSMs, engineering teams, program leadership, and authorization stakeholders to help assigned systems obtain and maintain compliant authorizations. The ISSO3 will support day-to-day system security operations, maintain required cybersecurity documentation, track remediation activities, support audit and vulnerability data calls, and help ensure security controls are accurately documented, implemented, and monitored throughout the system lifecycle.

Requirements

Active Top Secret clearance with SCI eligibility
U.S. citizenship.
Minimum of 7 years of experience serving as an Information Systems Security Officer or Information Systems Security Engineer at a cleared facility.
Minimum of 9 years of work experience in a computer science, cybersecurity, information technology, or related technical field.
Experience supporting RMF, Security Assessment and Authorization, ATO, continuous monitoring, POA&M management, vulnerability remediation, security documentation, and authorization package development.
Experience preparing, reviewing, and maintaining RMF artifacts, including System Security Plans, control implementation descriptions, risk assessments, POA&Ms, inventories, network diagrams, data flow diagrams, and continuous monitoring documentation.
Experience coordinating with system owners, engineers, ISSMs, ISSEs, program leadership, and authorization stakeholders.
Knowledge of NIST SP 800-53, NIST SP 800-53A, FIPS 199, FIPS 200, FISMA, vulnerability management, POA&M management, and federal cybersecurity requirements.
Familiarity with the use and operation of security tools, including Tenable Nessus and/or Security Center, Splunk, IBM Guardium, HP WebInspect, Network Mapper, or similar applications.
Strong written and verbal communication skills, including the ability to explain security risks, documentation gaps, compliance issues, remediation needs, and authorization impacts to technical and non-technical stakeholders.
Ability to manage multiple systems, priorities, deliverables, stakeholders, and deadlines in a high-accountability federal mission environment.
Possess at least one of the following certifications: CISSP, GISP, CASP, or another certification demonstrating skills consistent with DoD 8570 IAM Level III proficiency.

Responsibilities

Serve as a senior ISSO and task lead supporting assigned federal information systems.
Support full lifecycle Security Assessment and Authorization activities in alignment with RMF, federal cybersecurity requirements, and customer-specific security policies.
Prepare, review, update, and maintain RMF and SAA documentation, including System Security Plans, control implementation descriptions, risk assessments, POA&Ms, continuous monitoring artifacts, inventories, data flow diagrams, network diagrams, and authorization package materials.
Coordinate with system owners, ISSEs, ISSMs, engineers, and authorization stakeholders to support timely ATO, CATO, or ATU outcomes and prevent authorization lapses.
Ensure assigned systems remain fully scoped, including accurate documentation of system boundaries, components, hardware, software, interconnections, data flows, and technology stacks.
Support control implementation documentation and ensure security control descriptions accurately reflect system conditions and available evidence.
Track vulnerabilities, POA&Ms, remediation milestones, corrective actions, and compliance activities through closure.
Support vulnerability and patch reporting, emergency directive responses, data calls, RFIs, and other compliance requests.
Monitor system security posture and support continuous monitoring activities, including documentation updates, evidence collection, recurring reviews, and stakeholder coordination.
Support annual security control assessments, FISMA reviews, audit preparation, COOP or resiliency documentation, and other recurring federal cybersecurity requirements.
Review technical and procedural security evidence for completeness, accuracy, consistency, and traceability.
Identify documentation gaps, control weaknesses, compliance risks, and remediation needs; coordinate corrective actions with system owners and technical teams.
Support onboarding of new systems by establishing security documentation baselines, identifying required artifacts, confirming stakeholder roles, and tracking authorization readiness.
Support incident-related cybersecurity documentation and recovery activities when assigned systems are impacted by a cybersecurity event.
Provide status updates, risk summaries, action item tracking, and documentation quality feedback to program leadership and stakeholders.
Develop or improve checklists, templates, SOPs, evidence standards, and repeatable processes to improve quality, consistency, and timeliness of ISSO support.
Mentor junior ISSOs and support knowledge sharing across the cybersecurity team.
Fill in as ISSO for additional systems as needed.